cbcvebase.
CVE-2023-23779
published 2023-02-16

CVE-2023-23779: Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and…

PriorityP259high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.32%
67.4th percentile
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.

Affected

9 ranges
VendorProductVersion rangeFixed in
fortinetfortiweb
fortinetfortiweb
fortinetfortiweb
fortinetfortiweb
fortinetfortiweb
fortinetfortiweb
fortinetfortiweb6.3.6 – 6.3.19
fortinetfortiweb6.4.0 – 6.4.2
fortinetfortiweb7.0.0 – 7.0.1

Detection & IOCsextracted from sources · hover to see the quote

  • Monitor for OS command injection attempts via crafted HTTP request parameters targeting FortiWeb management interfaces, particularly from authenticated sessions
  • ·Vulnerability affects FortiWeb version 7.0.1 and below, 6.4 all versions, and 6.3.19 and below — verify deployed version falls outside these ranges after patching
  • ·Attack requires authentication; prioritize monitoring and hardening of authenticated user sessions and restrict administrative access to FortiWeb management interfaces
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.